CVE-2020-3943
CRITICALvRealize Operations for Horizon Adapter <6.7.1-6.6.1 - RCE
Title source: llmDescription
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2020-0003.html
Scores
CVSS v3
9.8
EPSS
0.0173
EPSS Percentile
82.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
vmware/vrealize_operations
6.6.0 - 6.6.1
Published
Feb 19, 2020
Tracked Since
Feb 18, 2026